Archive for the 'Viruses' Category


WMF 0-day update

Thursday, December 29th, 2005

Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…    […]

WMF zero-day exploit first hand experience

Thursday, December 29th, 2005

Well, I’ve just spent the better part of 6 hours (maybe a bit more) “sacrificing” a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one site from the sunbeltblog list to infect the virtual machine with and can attest to it being quite nasty. […]

Another workaround for WMF exploit

Wednesday, December 28th, 2005

There are at least two other workarounds for the Windows Meta File (WMF) exploit that I’ve been looking into this afternoon. These are from the Sunbelt blog. First up… 2. Change file associations for WMF files. An equally ugly fix (but perhaps preferable) is to do the following: 1. Go to My documents, Tools, Folder Options, File […]

Workaround for the critical WMF zero-day exploit

Wednesday, December 28th, 2005

The Windows Meta File (WMF) zero-day (0-day) exploit is apparently VERY nasty: no user intervention required (unless running Firefox or Opera). Just VISITING a malicious site (or viewing a malicious email with an image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some […]

Windows Metafile zeroday exploit

Wednesday, December 28th, 2005

There’s more on the WMF 0-day exploit… According to F-Secure it’s being used to distribute the following nasties: Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga, Trojan.Win32.Small.ev.

More on the Windows WMF zero-day exploit

Wednesday, December 28th, 2005

There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get attention to this problem. It looks like the original site serving the exploit is down, but now it’s being served […]

Fake MS Messenger 8 beta and other IM warnings…

Wednesday, December 28th, 2005

F-Secure is warning about ads for a “leaked version” of Windows Messenger 8 beta. There is no public beta of this, and it is a virus. If you download and run BETA8WEBINSTALL.EXE from that site, you won’t get a new chat client. Instead, your existing MSN Messenger will start to send download links to everyone […]

A Tip for cleaning up an infected PC

Sunday, December 25th, 2005

There’s a joke that many people bring out when new Windows viruses hit big…. it goes along the lines of, “download a fix here” and the link points to a knoppix linux livecd download, or a Mandriva download disk, fedora/etc… Some say linux isn’t affected by as many viruses because it lacks market share, I […]

Disinfecting a PC… part 11

Saturday, December 24th, 2005

All in all, what I’ve documented was a bit over three hours worth of attention to the machine (much more for the full scans, but I didn’t have to stand and watch them.) I didn’t document a sidetrip to a second antivirus scanner. It’s nice to see a system cleaned up that had been so […]

Disinfecting a PC… part 10

Friday, December 23rd, 2005

Before I get things wrapped up, I like to scan, rinse, and repeat until the scans come up clean. So, this AVG scan gives a chance to delete the archive entry I mentioned on the first pass it took. And Spybot gets updated from the internet and re-runs. All looks clean there… Ad-Aware gets an […]
